Greetings, Fajar A. Nugraha! > On Wed, Sep 14, 2016 at 12:03 AM, Andrey Repin <[email protected]>wrote:
>>> [ 5408.633325] type=1400 audit(1471009220.304:57): apparmor="DENIED" >>> operation="mount" info="failed flags match" error=-13 >>> profile="lxc-container-default" name="/" pid=12887 comm="mount" flags="ro, >>> remount" > > Is it working fine? No, it either fails to start, or not mounting the directories. > > Anyone? Halp? > > If the container works, ignore the messages. > The apparmor profile in lxc/lxd will deny most mount commands from inside > the container. I'm mounting from container configuration. Not from inside the container. > Which is fine, since the host is supposed to setup all > necessary mounts anyway. Most distros that run inside the container (at > least I tested with ubuntu and centos) can correctly detect whether the > error can be safely ignored, so there should be no harm other than the (in > your case) unwanted logs. > Some types of mount (e.g. fuse) can be made to work inside the container > (IIRC this is the default in lxd 2.0.4). > More types of mounts can be made available by setting security.nesting (lxd) > or lxc.aa_profile (lxc) -- With best regards, Andrey Repin Wednesday, September 14, 2016 11:59:22 Sorry for my terrible english... _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
